Posted by timothy on Sunday July 08, 2012 @11:39AM
from the just-work-on-your-mnemonics dept.

LoudMusic writes "One of the many tasks of a network administrator is documenting the network so that other members of the administration and support teams can find devices on the network. Currently my organization uses Excel spreadsheets to handle this, and it's invariably error ridden. We also save a new file with the date in the name each time an update is made. I'd like to move this to a more intelligent database system, but the driving force for keeping it in spreadsheets is the ability to take the document offline, edit it, then upload this new revision to the file server when we have a connection again. Our clients often don't have reliable internet connections, especially when we're tearing their network apart and rebuilding it. The information we're currently documenting about an individual device are: device name, device model, description, IP address, MAC address, physical location, uplink switch & port, and VLAN. What tools exist that would allow us to have multiple users make updates both online and offline simultaneously, and synchronize changes into both the online and offline copies?"

Well, maybe MyCo buys this, but AFAIK this is part of a modern Windows infrastructure and all provided by MS. Works seamlessly on XP, so it's not bleeding edge tech. If it's reachable by network, then XP in a domain environment offers an offline ability. I'm not saying the merge is painless, but at least conflicts are flagged, which is more than the current situation the OP suffers.

Only if you want it to fail completely at the worst possible moments, buy expensive clients, and run headlong into the built-in limitations with no possibility to extend or work around them without hiring 3 people to support Sharepoint. I just dealt with a company that had gone this route, and it was very difficult to extract any information to usable configuration or scanning information, especially for security surveys.

What you need depends on the scale. Large environments might benefit from commercial to

I have to agree with this. Sharepoint is actually a pretty darn good CMS / collaboration tool. What's great about it is that it is a large complex framework that offers tons of flexibility; what's terrible about it is that it is a large complex system.

There is another problem with Sharepoint: it's way too easy to get started with and not know anything about it. This is typical of most Microsoft Solutions actually. If you are never going to have more than 20 people using it occasionally it will probably run fine forever, but as we all know things rarely stay that way. If it's good for your group some other group in your org will want to start using it, then another and so on and so forth. Pretty soon your basic point click one box deployment on SQL Express is in real trouble.

Don't kid yourself, Sharepoint ain't easy. Good Sharepoint support and development people have lots of knowledge about Sharepoint, and they will have worked pretty hard to get it; it won't have come with trial and error running a box part time. You most likely won't have time to just pick it up yourself. You are going to end up hiring people to run it. Sharepoint is only a good solution if you have people to support it or you really know, and I mean really know, that it's going to stay a small simple environment.

If your company has it, if not, and you have a spare Win2K8R2 machine laying around you can just install the free version.

SharePoint is a horror show and is nearly impossible to maintain unless you've got a dedicated team of people with a PhD in SharePoint. Just one example of weird/problematic behavior: all files in document libraries are stored as database records. Yes, no matter how big they are. So if you want to post an install disc ISO to your SharePoint site so your techs can all access it? Have fu

The points you make are mostly related to SharePoint 2007.
SharePoint Foundation 2010 installs almost too easily on Windows 2008 R2. There is like a two click prerequisite installer and another similarly easy installer for SharePoint itself. It's like a 1 on a difficulty scale of 1 to 10. Then throw in Search Server Express 2010 with a super easy install that integrates with SP and crawls and indexes your file servers and bam, you have some serious just about FREE capabilities.
Also third party tools are no lo

At one point where I wanted something similar, I did it with a dot notation file and GraphViz. It had the following advantages:

- As it's text, version control and multiple users can be handled quite easily.
- It's open source.
- The only tool you need to make updates is a text editor.
- It can be displayed as a Node diagram (or other) using a variety of free tools.

Each documented node can specify name, MAC, address, type, model, etc, and you can define the links between nodes. You can also use this to handle

Sadly, I've seen things quite similar, but this is what happens if you let end users design a system.

"We need a menu |screen |report |transaction |table |program| app[1] that has the customer phone no and name in it. And another one that has the name and city. And another that has the fiscal ID and the phone number... "

Essentially replicating a card index (or rather, several).

The joke was, a sophisticated multifunction search that did all that and loads more was already there, right out of the box.

But they are used for the same reason paper systems are used. Simplicity and human-readable hard copy that captures all the details. They just get used in situations that are way too complex.

Considering the original problem, if it's a network that isn't hierarchical and simple enough in design that these simple records aren't good enough and easy to maintain, well, that's part of the problem.

In the real world, away from press releases, sadly, Excel is the real world enterprise DBMS for almost all corporations.

Even before Excel I was using Lotus 1-2-3 as DBMS... why? Because it's easy to setup, easy to use, and it Just Works for many basic database applications. Yet, somehow, this is (on Slashdot) always the user misusing the [spreadsheet] program rather the failure of DBMS's.

Yet, somehow, this is (on Slashdot) always the user misusing the [spreadsheet] program rather the failure of DBMS's

Not always, just sometimes when the thing gets to be too big. There's one in my workplace that locks the user out for around 10 seconds after any data entry. It's a spreadsheet macro that grew, office politics keeps it in use and any performance issues are blamed on "the network" even when it's run locally with the network cable unplugged! That's an extreme pathological example, but there se

Instead of file name encoded versioning system, use a distributed version control system: Git, Mercurial, Bazaar. It solves your offline problem too and you can keep committing changes when the network is down... And you keep track of who did what.

You can solve the last 2 problems by working with csv (comma-separated-values) files. Just about any spreadsheet app (Excel, OpenOffice, Gnumeric) can edit them, and you can even edit them in a text editor if need be. As text, they'll diff easily, so you can merge, etc. in your VC of choice.

Sure they can handle them, but can they handle them in a way that works sanely with them being the primary copy and stored in a VCS? Can they open a csv created by another package, allow it to be edited and then save it back out again such that when the csv files are diffed the ONLY changes are the ones the user made? Can they store stuff like column widths and other stuff that csv doesn't support in a separate file that sits alongside the csv?
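One way to get the property this reply asks for, as an added example that is not part of any post in the thread: a canonicalizer run before each commit, so that any spreadsheet application's export reduces to the same bytes and duplicate or malformed addresses are reported. The column names follow the fields listed in the original question and, like the sample rows, are assumptions constructed here.

```python
import csv
import io
import ipaddress
import re

# Column order follows the fields listed in the original question (assumed names).
FIELDS = ["name", "model", "description", "ip", "mac",
          "location", "uplink_switch", "uplink_port", "vlan"]


def normalize_mac(raw):
    """Return a MAC as lower-case colon-separated hex, or None if malformed."""
    digits = re.sub(r"[\s:.\-]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def canonicalize(csv_text):
    """Return (canonical_csv_text, errors) for an inventory CSV.

    Canonical form: fixed column order, LF line endings, normalized
    addresses, rows sorted by name. Columns outside FIELDS are dropped.
    """
    reader = csv.DictReader(io.StringIO(csv_text, newline=""))
    rows, errors, seen = [], [], {}
    for row in reader:
        where = f"line {reader.line_num}"
        rec = {f: (row.get(f) or "").strip() for f in FIELDS}
        mac = normalize_mac(rec["mac"])
        if mac is None:
            errors.append(f"{where}: invalid MAC {rec['mac']!r}")
        else:
            rec["mac"] = mac
        try:
            rec["ip"] = str(ipaddress.ip_address(rec["ip"]))
        except ValueError:
            errors.append(f"{where}: invalid IP {rec['ip']!r}")
        # An address claimed by two rows means one of them is stale or mistyped.
        for kind in ("ip", "mac"):
            key = (kind, rec[kind])
            if rec[kind] and key in seen:
                errors.append(
                    f"{where}: {kind.upper()} {rec[kind]} already used by {seen[key]}")
            seen.setdefault(key, rec["name"])
        rows.append(rec)
    rows.sort(key=lambda r: (r["name"].lower(), r["ip"]))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue(), errors


# Constructed sample: CRLF endings, three MAC notations, one duplicated IP.
SAMPLE = (
    "name,model,description,ip,mac,location,uplink_switch,uplink_port,vlan\r\n"
    "sw-core,Example 48p,Core switch,10.0.0.2,00-1A-2B-3C-4D-5E,MDF,,,1\r\n"
    'printer-1,Example LJ,"Lobby printer, 2nd floor",10.0.0.20,'
    "001a.2b3c.4d60,Lobby,sw-core,Gi0/7,20\r\n"
    "ap-lobby,Example AP,Lobby access point,10.0.0.20,"
    "00:1A:2B:3C:4D:61,Lobby,sw-core,Gi0/8,20\r\n"
)

if __name__ == "__main__":
    text, problems = canonicalize(SAMPLE)
    print(text, end="")
    for p in problems:
        print("ERROR", p)
```

Committing only the canonical text keeps diffs limited to real changes; layout such as column widths is not preserved by this approach.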

Ok well to truly document your network I would say Visio some kind of visual application is going to be the best tool. I don’t use it to document client ports but all the big inter connections between routers and switches to give you a good understanding of what is going on. Using a spreadsheet only is not going to be a good way to document anything, a visual representation is always going to be better to get a good understanding on what is going on. Sometimes I do put notes on what kind of client por

Dot gives you the same sort of thing without having to be able to draw or remember to lay everything out with enough gaps at the start for new additions. While doing anything complex means having to actually read the docs it's very simple for simple stuff. An item branching to two others is as simple as:

apple -> beetroot
apple -> cucumber

I recommend the self-documenting approach. You already have to map name and MAC in dhcpd.conf (assuming you use DHCP reservations), so just put some extra comments in there (what the device actually is). That way you can be fairly sure that the docs will remain in sync with reality. However, that approach only works for relatively small networks.

In general, avoid the "split brain" approach where you have independently generated documentation AND config files. Make one generate the other.

- Free
- Easy to use and familiar look to "office" users
- Only requires a web browser or a smartphone
- Automatically saves revisions of the same file so you don't have to manually version (Come on! It's 2012 out there and IT people are still manually versioning files? Have you been trapped in a time loop?)
- Collaborative so allows simultaneous edits of the same document (yes, simultaneous. No weird concept of lock-and-release queue.)
- Now has an offline mode that automatically reconciles edits when online again

I worked for a place that had a half-dozen people or so updating software on 13,000+ computers (via dialup).

They used the spreadsheet in Google Docs to keep track of everything, and it worked brilliantly. It allowed them to keep track of things from anywhere (some of the work had to be done in the middle of the night, so working from home was common), which meant that everyone kept the master spreadsheet up to date, rather than tracking the changes manually and then (maybe) updating a corporate version

For most small businesses an excel file is fine. Medium business, use a wiki or something. Large enterprise networks need some kind of CMDB. I use Racktables, but other ones like iTop exist too. There are also paid offerings like Cisco Prime, or Orion.
One really interesting offering is this software called Blueprints by pathway systems. It's more about dependency mapping, but it does network documentation too.

And not once, not twice, but thrice I've had to deal with said tangles. My solution was the same in all cases. Set aside some time and COMPLETELY document it. I use excel and conditional formulas to create cross lists for separate panels, to catch errors while trying to document.

Then once I'm certain I have it right, develop a new organization, then pull everything and start over.

My first experience with this removed multiple token rings, at least FOUR loops, and consolidated twelve hubs (not switches) and installed a master switch. Boot times on the floor went from 30 minutes to 45 seconds, and daily network problems vanished never to return. The morning after the rebuild we experienced an entire day of jaw-dropping throughout the building.

Do it. It's so worth it.

Also another hint. If you have to deal with a lot of unmarked jacks throughout the building, enlist a helper or two and use wireless headsets. One person at the rack with a keen eye for a light going out, and another one or two elsewhere briefly unplugging ethernet cables from live machines. Makes identification of jacks actually quick and easy.

Also another hint. If you have to deal with a lot of unmarked jacks throughout the building, enlist a helper or two and use wireless headsets. One person at the rack with a keen eye for a light going out, and another one or two elsewhere briefly unplugging ethernet cables from live machines. Makes identification of jacks actually quick and easy.

FYI: Most decent cable tracers will have a "blink" function. You plug in a module under the desk and it'll blink the switch status light with a pattern that's easy to pick out of a rack by glance. If the port's not cross-connected, then it's time to break out the tone and pickup wand.

You cannot imagine how frustrating it is to send a mail to a site admin on another continent saying something like:

"Our intrusion detection systems - for which the company invested hundreds of thousands of dollars, not to mention the countless man hours configuring, testing and analyzing results - have identified that the PC named X, connected to port Y of switch Z is clearly virused. It appears to be sharing a mini-switch with compute

Then use the coding in your documentation and floor plans. Or just document them properly as they are put in.

In all of my cases I wasn't the one that put it in. In most of them the cable dogs had installed jacks without marking them, and end up with a big wad of cable coming out the ceiling and just put ends on them and plug directly into ports on hubs/switches, or randomly punch them down on the panel and then randomly run jumpers from the panel to the switches. Definitely the lazy approach, but that's w

OCS Inventory [ocsinventory-ng.org] is a database and reporting interface that will keep an up-to-date database of the devices on your network(s). It's got a server component that runs on Linux or Windows (Linux is recommended) and client agents that run on Windows, *nix, and MacOS X. The client agents also use nmap to scan for other types of nodes, such as routers and printers. It's very slick; I've used it for six years for my job, and we currently track over 500 computers plus a few other devices through nmap.

The whole thing is GPL, and you can opt for a support contract.

It can also integrate with another package called GLPI [glpi-project.org], which among other things handles trouble tickets and is also Free.

Um, you're a technologist in charge of a network of computers, and you want to use a manual system to document your own network so that "other members of the administration and support teams can find devices on the network"?

This is like some dystopian sci-fi satire.

That "network" thing you have, with all its "devices," can actually tell you what it's doing! Better yet, some of those devices can "execute code," which is technology talk for stuff like generating lists of devices and their attributes, putting the results in a spreadsheet, etc.

Google "ping" and "traceroute." Then work your way into the 1990s, then the 2000s, then take a look at some of the tools we have today.

Use LibreOffice Calc, open a cell at the top left height: half the page tall and width: about 6 inches. Then use the drawing features of Calc and just put boxes, connectors, labels, etc. in your drawing. I usually then put written information below the drawing cell that describes special details network details, issues, and special notes about wiring. By having the entire page saved as an .ods document, you'll be able to open it easily. (I have over 150 such pages for clients in my business.)

I'm reading all the recommendations, and it's giving me a case of Tourette's. Haven't any of these people actually had to DO what they're talking about? There's a whole realm of software meant just for this purpose: it's called IPAM, or "IP Address Management." The proper solutions also contain exactly the information you're looking to capture in addition as well, and integrate with DNS (or, in some cases, include robust DNS capability) so that they are accurate and you don't need to update the database when you set a new DNS entry. Infoblox makes one of the better implementations that I've seen, but since I don't know your exact needs in detail, I would simply look at IPAM solutions in general.

It depends on the size of your organization and what you're really trying to do. If the main purpose is to keep an inventory of a small amount of equipment, along with physical location, and you just want to keep the IP information along with it, then setting up software specific to that purpose can be overkill. Sure, you can tie stuff into DNS and DHCP to keep track of IP changes, but it may be that you're also keeping track of printers and peripherals, which won't show up on an IP scan. Maybe you have

Haven't any of these people actually had to DO what they're talking about? There's a whole realm of software meant just for this purpose

Thanks to TIMTOWTDI and the lack of regulation, there's a tradeoff in working in the nascent field of PC tech. Qualified degree-holders are the minority, and certs, colleges and pro training courses focus on vendor tools like CISCO, COMPTIA rather than general solutions --you learn those from textbooks and Real-Life networking interaction. It's part of our sad lock-in world. Compare to how each PC tech applies their personal choice of tools for, say, spyware-cleaning. It's not like there's a law to follow t

Yes, but there's a vast chasm of difference between not knowing about a pre-existing set of tools, and just saying (to quote one answer) "Sharepoint" with no additional information beyond that. Let's face it; that's not a helpful answer, even towards going down the wrong path. But even more noteworthy is that I didn't have anyone else teach me about IPAM options. When the time came and I needed to do something like that, I found out about them via Google. Of course, at that point, I knew how to develop r

We input machine name, make, model, serial number, host name, IP, physical location, wall port #, where the funding comes from, role of the machine, and it allows you to attach devices together (say you have a monitor in epic and a scanner, and a PC... and the monitor is attached to the PC as is the scanner.. epic allows you to add those devices to the base unit).

Every piece of equipment at the 6 libraries on the main campus as well as all the branch campuses of Penn State are in the database. We also have it linked to big fix so it will list any machines big fix finds that aren't in our epic database as well as the other way around.

You can then search and filter via criteria and download any "reports" via a csv file.

We log more info than I listed (like MAC address etc) but that gives you an idea

Last time I had to map a network I used a tool from http://www.solarwinds.com/products/toolsets/discovery-tools.aspx [solarwinds.com]. It worked really well, I decided later to write my own tool using nmap and C. Now I can't give out the actual program because the company who I worked for owns it, but if you have a weekend it's a great quick way to write a tool that can discover networks.

I second the original approach: check out Solarwinds (www.solarwinds.com). They have a lot of network and asset management tools, many of them free. They have an IP address-based discovery/spreadsheet free tool that does most of what the original poster is looking for.

MediaWiki is your friend. I set up one for a company a few years ago and later started using it to document my responsibilities there, which cover almost the entire ICT system.

My part of the wiki starts on an ICT page, which is divided into sections for Hardware, Software and Telecom. Each contains a number of links to articles with table overviews that contain links to further, more specific articles. The Hardware section has links to eight articles: Servers, Workstations, Monitors, Ethernet networks, Printers, Scanners, Wi-Fi and Ethernet switches. The Software section has links to seven articles: Software packages, Scripts, Domain names, IP subnets, Websites, Cronjobs and AFS volumes. The Telecom section has links to six articles: Phone numbers, telecom subscriptions, Modems, Faxes, Telephones and PBXs. For each of the articles mentioned I also created index pages and every single article has various external and internal links for easy navigation. I even created a series of terminology articles to explain various concepts and how they are important to the site.

With several years of Wikipedia experience, the idea of using a wiki for this purpose seemed obvious to me. However, what was not easy was coming up with the structure outlined above. I had first tried out a deeper hierarchy based on the various geographical locations involved, but backed out of that idea when it was clear that it would be too much work.

Producing this kind of documentation in as much detail as I have represents a lot of work, but it has its advantages. For example, it not only means that critical knowledge about the system is now much harder to lose and easier to share, I've also learned many new things about the system (such as all the hardware specs) and it has also forced me to research areas that I wasn't completely sure about.

Why is wiki better than all the other structured systems out there? Because you can easily add all the notes that just don't have places to go. There are always "weird things" you want to add to the comments; there are always hyperlinks you want to make; and there is always the need to update something in a flexible way that structured systems don't allow.

We had a wiki system that documented all our IP allocations for servers; and we linked all the servers to the pages for how to rebuild

I'm a big fan of Pmwiki [pmwiki.org], it is file based so you are not trying to get your data out of a DB if something goes wrong, and it scales well. It also has a pretty good variety of plug-ins to extend functionality. Installation is a breeze.

Create a table formatted like you have in your xls file and create a simple webpage to view the data in real time. You could upload the xls file to start exactly where you guys are at now and even create an export to spreadsheet feature if you need it for reporting etc. Should only take 2-3 hours to set everything up the way you want it.
My first thought was Sharepoint but that's also provided you have a Windows box to put it on and not just *.nix based servers.

I used to have the same type of setup. We required the field techs to submit an as built of what they put out there. Then we would run a script that checked to see that it was all online and configured properly, then stick it into a database.

It wasn't perfect. It didn't save a copy of the original upload so once it was in the db it was just more records.. reverting changes was a manual thing for me if something went wrong. But you can make it as complex as you like, your primary problem is going to be e

I've been thinking about the next time I do something like this and I'd take a serious look at doing it in Drupal. The Drupal website content management system you ask? Well once you get past a learning curve you realize that Drupal is a web based front end to a database which includes developer defined content types with custom fields and a CRUD front end with powerful permissions management, change tracking, query system, and presentation layer. For the offline issue there are export modules to Excel.

Question is how rich is your organization?
There are corporate tools like HP uCMDB DDMA that keep the configuration database updated, detect changes, scan your networks etc...
If you do not have money - look for Configuration Management tools - this is what you are looking for.
If you totally lack money - use something like SVN/git etc.

I've seen dozens of methods at different companies, but I've only ever seen one that works and it works really well. Many of the top ISPs use a variant of it.

Let the network self document.

What does that mean? Well, typically it means some discipline in how descriptions are written. For instance ISPs will use a standard customer identifier on all ports. An enterprise might just use hostname. From there, tools like Rancid [shrubbery.net] can poll router and switch configs, store them in a version control system, and mail out changes to the entire staff. Rancid is great to use, because it reduces the human work load down to entering a single line for each device (name and OS type), and making sure that the device accepts logins.

Now that all the configs are archived and you have the one true list of devices it's trivial to take that list of devices and feed it to other tools. One of the first might be NetDisco [netdisco.org] which probes the devices with SNMP and builds adjacency tables, tracks MAC addresses, and so on. From its database you should be able to locate anything on the network in seconds.

Now that there is a complete picture of the network, it's time for a little scripting. Take the output of Rancid and/or Netdisco, and use it to for instance build an MRTG [oetiker.ch] configuration file, or a list of things for Nagios [nagios.org] to probe. It's fairly easy to take the NetDisco adjacencies and run them into a tool like GraphViz [graphviz.org] to produce a network diagram.

I know of at least two ISPs using this basic formula, and it works really well. Going to an internal web site they can bring up diagrams, usage graphs, MAC tables, IP information and all sorts of other things about any device in the network in seconds. Once devices are in the system it is 100% automated, turn on a new port and it is magically graphed, MAC tracked, and added to the diagrams. Turn it off, it magically goes away. Everything is in version control so old state can be reconstructed. The only human manual intervention is adding/removing one line to the Rancid config when a device is turned up or turned down. I have even seen folks automate that with Netdisco (but, I think that can be problematic, as it's almost circular).

Spreadsheets, Visio diagrams, and the like are always out of date. Someone will always make a change and forget to update it. Some places are only a little out of date, most places are downright wrong. Self documenting is achievable, and always 100% current.
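The dot/GraphViz approach from the comments above, as an added example that is not part of any post: inventory rows with an uplink switch and port become a DOT graph, uplinks that point at undocumented devices are flagged, and documented uplink loops are reported. The record layout, function names and sample devices are constructed for illustration; in the setup described above the adjacencies would come from NetDisco rather than a hand-built list.

```python
def dot_escape(text):
    """Escape backslashes and double quotes for use inside a DOT string."""
    return text.replace("\\", "\\\\").replace('"', '\\"')


def q(text):
    """Return text as a double-quoted DOT identifier."""
    return f'"{dot_escape(text)}"'


def inventory_to_dot(devices):
    """Return (dot_text, missing); missing lists uplinks with no inventory row."""
    known = {d["name"] for d in devices}
    ordered = sorted(devices, key=lambda d: d["name"])
    lines = ["graph network {", "  node [shape=box];"]
    missing = []
    for d in ordered:
        # "\n" inside a DOT label is a line break: name, IP and MAC on three lines.
        parts = [p for p in (d["name"], d.get("ip"), d.get("mac")) if p]
        label = "\\n".join(dot_escape(p) for p in parts)
        lines.append(f'  {q(d["name"])} [label="{label}"];')
    for d in ordered:
        up = d.get("uplink_switch")
        if not up:
            continue  # root of the tree, or uplink not recorded
        if up not in known and up not in missing:
            # The documentation references a device it never describes.
            missing.append(up)
            lines.append(f"  {q(up)} [style=dashed, color=red];")
        port = d.get("uplink_port") or "?"
        lines.append(f'  {q(up)} -- {q(d["name"])} [label={q(port)}];')
    lines.append("}")
    return "\n".join(lines) + "\n", missing


def uplink_loops(devices):
    """Return names of devices whose chain of uplinks leads back to themselves."""
    up = {d["name"]: d.get("uplink_switch") for d in devices}
    looped = set()
    for start in up:
        seen, cur = set(), start
        while cur in up and up[cur] and cur not in seen:
            seen.add(cur)
            cur = up[cur]
        if seen and cur == start:
            looped.add(start)
    return looped


# Constructed sample inventory; "sw-annex" is deliberately left undocumented.
SAMPLE_DEVICES = [
    {"name": "sw-core", "ip": "10.0.0.2", "mac": "00:1a:2b:3c:4d:5e"},
    {"name": "sw-floor2", "ip": "10.0.0.3", "mac": "00:1a:2b:3c:4d:5f",
     "uplink_switch": "sw-core", "uplink_port": "Gi0/1"},
    {"name": "printer-1", "ip": "10.0.0.20", "mac": "00:1a:2b:3c:4d:60",
     "uplink_switch": "sw-floor2", "uplink_port": "Fa0/7"},
    {"name": "ap-annex", "ip": "10.0.0.30", "mac": "00:1a:2b:3c:4d:61",
     "uplink_switch": "sw-annex", "uplink_port": "3"},
]

if __name__ == "__main__":
    dot_text, undocumented = inventory_to_dot(SAMPLE_DEVICES)
    print(dot_text, end="")  # pipe into: dot -Tsvg -o network.svg
    print("undocumented uplinks:", undocumented)
    print("uplink loops:", sorted(uplink_loops(SAMPLE_DEVICES)))
```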

I'm actually releasing a beta of my software/service that will initially have a strong focus on Network Documentation in the next couple of weeks if anyone is interested. I initially created it due to my frustration with Netdoc and it's now gotten to the point where it has various features netdoc does not have while being a fraction of the cost and much more pleasant to use. If you're interested, you can check out the website at www.flextory.com [flextory.com] and send me an e-mail if you're interested in trying it out

Otherwise, I love this. Enough to actually, you know... Pay for it! Lol. The free version doesn't do push scanning (just run a small script as part of the computer startup or login routine, instead) and doesn't give one click access to some of the tools. You probably already have most of those tools available otherwise, though, VNC or other remote desktop,

Why would you spend time doing this by hand when you can have SNMP probe the network for you? It can collect nearly all that information. You might have to put in some smarts to correlate switch port activates and new clients requesting DHCP, but that's easy (hint: your key is MAC address). If you need to, you can have the SNMP client supply custom OIDs to query for more specific information. Then just dump into the DB of your choice. THEN you add the appropriate DB driver to your visualizer of choice
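The MAC-keyed join suggested above, combined with the earlier dhcpd.conf-as-documentation idea, as an added example that is not part of any post: host reservations parsed from dhcpd.conf are matched against a switch MAC table to place each device on a port and to list MACs nobody documented. The configuration text, MAC table rows and trunk list are constructed samples; a real table would be collected from the switches, for example over SNMP.

```python
import re

# A host block, optionally preceded by one comment line used as the description.
HOST_RE = re.compile(
    r"(?:^[ \t]*#[ \t]*(?P<comment>[^\n]*)\n)?"
    r"^[ \t]*host[ \t]+(?P<name>[\w.-]+)[ \t]*\{(?P<body>[^}]*)\}",
    re.MULTILINE,
)


def mac_key(raw):
    """Reduce any common MAC notation to 12 lower-case hex digits for joining."""
    return re.sub(r"[^0-9a-f]", "", raw.lower())


def parse_reservations(conf_text):
    """Map MAC key -> {name, ip, description} from dhcpd.conf host blocks."""
    hosts = {}
    for m in HOST_RE.finditer(conf_text):
        hw = re.search(r"hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;", m["body"])
        ip = re.search(r"fixed-address\s+([^;\s]+)\s*;", m["body"])
        if not hw:
            continue  # a host block without a MAC cannot be joined
        hosts[mac_key(hw[1])] = {
            "name": m["name"],
            "ip": ip[1] if ip else "",
            "description": (m["comment"] or "").strip(),
        }
    return hosts


def correlate(conf_text, mac_table, trunk_ports=frozenset()):
    """Join reservations with (switch, port, mac, vlan) rows.

    Returns (located, unknown, unseen): documented devices with their port,
    MACs on edge ports that have no reservation, and reserved hosts that no
    switch has seen. Rows on trunk ports are skipped, because an inter-switch
    link learns every MAC behind it.
    """
    hosts = parse_reservations(conf_text)
    located, unknown, seen = [], [], set()
    for switch, port, mac, vlan in mac_table:
        if (switch, port) in trunk_ports:
            continue
        key = mac_key(mac)
        seen.add(key)
        where = {"mac": key, "switch": switch, "port": port, "vlan": vlan}
        if key in hosts:
            located.append({**hosts[key], **where})
        else:
            unknown.append(where)
    unseen = sorted(h["name"] for k, h in hosts.items() if k not in seen)
    return located, unknown, unseen


# Constructed dhcpd.conf fragment.
DHCPD_CONF = """\
subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.100 10.0.0.200;
}

# Lobby printer, 2nd floor
host printer-1 {
  hardware ethernet 00:1a:2b:3c:4d:60;
  fixed-address 10.0.0.20;
}

# Front desk PC
host frontdesk {
  hardware ethernet 00:1a:2b:3c:4d:62;
  fixed-address 10.0.0.21;
}

host old-scanner {
  hardware ethernet 00:1a:2b:3c:4d:63;
  fixed-address 10.0.0.22;
}
"""

# Constructed switch MAC table rows: (switch, port, mac, vlan).
MAC_TABLE = [
    ("sw-floor2", "Fa0/7", "001a.2b3c.4d60", 20),  # printer-1
    ("sw-floor2", "Fa0/9", "001a.2b3c.4d62", 10),  # frontdesk
    ("sw-floor2", "Fa0/9", "001a.2b3c.4d99", 10),  # second MAC, no reservation
    ("sw-core", "Gi0/1", "001a.2b3c.4d60", 20),    # printer-1 seen via trunk
]
TRUNKS = {("sw-core", "Gi0/1")}

if __name__ == "__main__":
    for title, rows in zip(("located", "unknown", "unseen"),
                           correlate(DHCPD_CONF, MAC_TABLE, TRUNKS)):
        print(title, rows)
```

An unknown MAC on the same port as a located host is the unmanaged mini-switch case; a reservation nothing has seen is documentation that has drifted from the network.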

To answer OP's question. Use OneNote. Awesome online and off, editable by many at the same time, tracks who changed what, securable, and super easy to do documentation in it. We use it to document thousands of network and other devices for our team of techs.

I was going to suggest the same thing. And the best part is that it requires absolutely no server-side app or back-end. You just store your primary files on a server, on each of your techs' laptops you "open" the "notebook," OneNote creates a cache of the files on the laptop that can be used even when not connected to the network. Then, all your techs can modify to their heart's content while out in the field. Then, when they get back in to the office, OneNote synchronizes all the different data into the p

At one job, I wrote a little tool to keep a database updated with this kind of information.

The servers were Linux, so it made it much easier to pull the necessary information. It's doable with Windows too. I'll only describe its function. There should be someone who can write the functional parts.

Basically, there were a few tables with what was described in the existing spreadsheet. There were a few other fields, such as last modified, current state (online/

Google for Configuration Management Database software / solutions. Most corporate tools come with a sniffer / loader utility to scan the network, hook in or plug into servers and devices and update the CMDB in relative real time.

Those could be handy with the right smartphone app. Shoot the QR and the app finds it in the database (not spreadsheet) and shows you the network diagram around it (as last known to be wired or scanned).

What hasn't really been mentioned is the use of CDP. If your switches and routers (both Cisco and some non-Cisco) support this information it can be very useful to inventory connections. Checkin scripts can update an endpoint with the port information. Then simply tracking the physical location of resources by either asset id and MAC address ties the network topology to a physical locality.